1 | Page
Georgia Access 2025 Questions and Correct
Answers
Which of the following is not a requirement for handling
Personally Identifiable Information (PII) and Protected
Health Information (PHI)?
All information received must be kept confidential in
accordance with applicable state and federal laws and
regulations
Only information required to assist the consumer can be
gathered/collected Store all consumer PII and PHI on a
backup device
Only share consumer PII and PHI with those who are
authorized to receive such information Ans: The
requirement that is not applicable for handling Personally
Identifiable Information (PII) and Protected Health
Information (PHI) is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and
confidentiality of PII and PHI, storing data on a backup
device is not a specific requirement. The focus should be
on ensuring confidentiality, collecting only necessary
information, and sharing it only with authorized
individuals.
If you suspect or witness a breach involving unsecured
Personally Identifiable Information (PII), what is the first
thing you should do?
Nothing
© 2025 All rights reserved
, 2 | Page
Alert the media
Call the consumer who's PII was compromised to let them
know
Report the incident immediately to Georgia Access and no
later than twenty-four (24) hours, after discovery of the
incident Ans: If you suspect or witness a breach involving
unsecured Personally Identifiable Information (PII), the first
thing you should do is:
Report the incident immediately to Georgia Access and no
later than twenty-four (24) hours after discovery of the
incident.
Fill in the blank: When violations result in monetary fines
from the state or federal government, the fines associated
with the violation are considered _____.
Civil penalties
Criminal penalties
Federal penalties
Negligible Ans: When violations result in monetary fines
from the state or federal government, the fines associated
with the violation are considered Civil penalties.
Fill in the blank: A(n) _____ is the acquisition, access, use,
or disclosure of Protected Health Information (PHI) in a
manner not permitted and that compromises the security
or privacy of the PHI.
Computer Threat
Breach
Security Incident
© 2025 All rights reserved
, 3 | Page
Access Control Ans: A(n) Breach is the acquisition, access,
use, or disclosure of Protected Health Information (PHI) in
a manner not permitted and that compromises the security
or privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or
disclose Individually Identifiable Health Information (IIHI)
under false pretenses with the intent to sell, transfer, or
use it for commercial advantage, personal gain, or
malicious harm may be sentenced up to _____ years in
prison.
1
5
7
10 Ans: Covered entities who knowingly obtain or disclose
Individually Identifiable Health Information (IIHI) under
false pretenses with the intent to sell, transfer, or use it for
commercial advantage, personal gain, or malicious harm
may be sentenced up to 10 years in prison.
Fill in the blank: Data that contains Protected Health
Information (PHI) stored on or accessible from physical
devices must be equipped with _____.
Wi-Fi
Access controls
Accessibility
A camera Ans: Data that contains Protected Health
Information (PHI) stored on or accessible from physical
devices must be equipped with access controls.
© 2025 All rights reserved
Georgia Access 2025 Questions and Correct
Answers
Which of the following is not a requirement for handling
Personally Identifiable Information (PII) and Protected
Health Information (PHI)?
All information received must be kept confidential in
accordance with applicable state and federal laws and
regulations
Only information required to assist the consumer can be
gathered/collected Store all consumer PII and PHI on a
backup device
Only share consumer PII and PHI with those who are
authorized to receive such information Ans: The
requirement that is not applicable for handling Personally
Identifiable Information (PII) and Protected Health
Information (PHI) is:
Store all consumer PII and PHI on a backup device
While it is important to ensure the security and
confidentiality of PII and PHI, storing data on a backup
device is not a specific requirement. The focus should be
on ensuring confidentiality, collecting only necessary
information, and sharing it only with authorized
individuals.
If you suspect or witness a breach involving unsecured
Personally Identifiable Information (PII), what is the first
thing you should do?
Nothing
© 2025 All rights reserved
, 2 | Page
Alert the media
Call the consumer who's PII was compromised to let them
know
Report the incident immediately to Georgia Access and no
later than twenty-four (24) hours, after discovery of the
incident Ans: If you suspect or witness a breach involving
unsecured Personally Identifiable Information (PII), the first
thing you should do is:
Report the incident immediately to Georgia Access and no
later than twenty-four (24) hours after discovery of the
incident.
Fill in the blank: When violations result in monetary fines
from the state or federal government, the fines associated
with the violation are considered _____.
Civil penalties
Criminal penalties
Federal penalties
Negligible Ans: When violations result in monetary fines
from the state or federal government, the fines associated
with the violation are considered Civil penalties.
Fill in the blank: A(n) _____ is the acquisition, access, use,
or disclosure of Protected Health Information (PHI) in a
manner not permitted and that compromises the security
or privacy of the PHI.
Computer Threat
Breach
Security Incident
© 2025 All rights reserved
, 3 | Page
Access Control Ans: A(n) Breach is the acquisition, access,
use, or disclosure of Protected Health Information (PHI) in
a manner not permitted and that compromises the security
or privacy of the PHI.
Fill in the blank: Covered entities who knowingly obtain or
disclose Individually Identifiable Health Information (IIHI)
under false pretenses with the intent to sell, transfer, or
use it for commercial advantage, personal gain, or
malicious harm may be sentenced up to _____ years in
prison.
1
5
7
10 Ans: Covered entities who knowingly obtain or disclose
Individually Identifiable Health Information (IIHI) under
false pretenses with the intent to sell, transfer, or use it for
commercial advantage, personal gain, or malicious harm
may be sentenced up to 10 years in prison.
Fill in the blank: Data that contains Protected Health
Information (PHI) stored on or accessible from physical
devices must be equipped with _____.
Wi-Fi
Access controls
Accessibility
A camera Ans: Data that contains Protected Health
Information (PHI) stored on or accessible from physical
devices must be equipped with access controls.
© 2025 All rights reserved
